From: Tom Lendacky <thomas.lendacky@amd.com>
To: Rik van Riel <riel@surriel.com>,
Dave Hansen <dave.hansen@intel.com>,
x86@kernel.org
Cc: linux-kernel@vger.kernel.org, bp@alien8.de, peterz@infradead.org,
dave.hansen@linux.intel.com, zhengqi.arch@bytedance.com,
nadav.amit@gmail.com, kernel-team@meta.com, linux-mm@kvack.org,
akpm@linux-foundation.org, jannh@google.com
Subject: Re: [PATCH v4 05/12] x86/mm: add INVLPGB support code
Date: Tue, 14 Jan 2025 10:30:40 -0600 [thread overview]
Message-ID: <0e3f94d0-0d2f-b815-009d-e2e3da375727@amd.com> (raw)
In-Reply-To: <fa9b69251760c832d86c3d3fc7a3e349e2f8b733.camel@surriel.com>
On 1/14/25 09:47, Rik van Riel wrote:
> On Tue, 2025-01-14 at 09:23 -0600, Tom Lendacky wrote:
>> On 1/14/25 09:05, Dave Hansen wrote:
>>> On 1/14/25 06:29, Tom Lendacky wrote:
>>>>> Given the choice between "a bug in the calling code
>>>>> crashes the kernel" and "a bug in the calling code
>>>>> results in a missed TLB flush", I'm guessing the
>>>>> crash is probably better.
>>>> So instead of the negative number protection, shouldn't this just
>>>> use an
>>>> unsigned int for extra_count and panic() if the value is greater
>>>> than
>>>> invlpgb_count_max? The caller has some sort of logic problem and
>>>> it
>>>> could possibly result in missed TLB flushes. Or if a panic() is
>>>> out of
>>>> the question, maybe a WARN() and a full TLB flush to be safe?
>>>
>>> The current implementation will panic in the #GP handler though. It
>>> should be pretty easy to figure out that INVLPGB is involved with
>>> RIP or
>>> the Code: snippet. From there, you'd need to figure out what caused
>>> the #GP.
>>
>> Hmmm, maybe I'm missing something. IIUC, when a negative number is
>> supplied, the extra_count field will be set to 0 (via the max()
>> function) and allow the INVLPGB to continue. 0 is valid in ECX[15:0]
>> and
>> so the instruction won't #GP.
>
> I added that at the request of somebody else :)
>
> Let me remove it again, now that we seem to have a
> consensus that a panic is preferable to a wrong
> TLB flush.
I believe the instruction will #GP if any of the ECX[30:16] reserved
bits are non-zero (although the APM doesn't document that), in addition
to ECX[15:0] being greater than allowed. But what if 0x80000000 is
passed in. That would set ECX[31] with a zero count field, which is
valid for the instruction, but the input is obviously bogus.
I think the safest thing to do is make the extra_count parameter an
unsigned int and check if it is greater than invlpgb_count_max. Not sure
what to actually do at that point, though... panic()? WARN() with full
TLB flush?
Thanks,
Tom
>
next prev parent reply other threads:[~2025-01-14 16:30 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-12 15:53 [RFC PATCH v4 00/10] AMD broadcast TLB invalidation Rik van Riel
2025-01-12 15:53 ` [PATCH v4 01/12] x86/mm: make MMU_GATHER_RCU_TABLE_FREE unconditional Rik van Riel
2025-01-14 12:32 ` Borislav Petkov
2025-01-12 15:53 ` [PATCH v4 02/12] x86/mm: remove pv_ops.mmu.tlb_remove_table call Rik van Riel
2025-01-12 15:53 ` [PATCH v4 03/12] x86/mm: consolidate full flush threshold decision Rik van Riel
2025-01-12 15:53 ` [PATCH v4 04/12] x86/mm: get INVLPGB count max from CPUID Rik van Riel
2025-01-13 15:50 ` Jann Horn
2025-01-13 21:08 ` Rik van Riel
2025-01-13 22:53 ` Tom Lendacky
2025-01-12 15:53 ` [PATCH v4 05/12] x86/mm: add INVLPGB support code Rik van Riel
2025-01-13 14:21 ` Tom Lendacky
2025-01-13 21:10 ` Rik van Riel
2025-01-14 14:29 ` Tom Lendacky
2025-01-14 15:05 ` Dave Hansen
2025-01-14 15:23 ` Tom Lendacky
2025-01-14 15:47 ` Rik van Riel
2025-01-14 16:30 ` Tom Lendacky [this message]
2025-01-14 16:41 ` Dave Hansen
2025-01-13 17:24 ` Jann Horn
2025-01-14 1:33 ` Rik van Riel
2025-01-14 18:24 ` Michael Kelley
2025-01-12 15:53 ` [PATCH v4 06/12] x86/mm: use INVLPGB for kernel TLB flushes Rik van Riel
2025-01-12 15:53 ` [PATCH v4 07/12] x86/tlb: use INVLPGB in flush_tlb_all Rik van Riel
2025-01-12 15:53 ` [PATCH v4 08/12] x86/mm: use broadcast TLB flushing for page reclaim TLB flushing Rik van Riel
2025-01-12 15:53 ` [PATCH v4 09/12] x86/mm: enable broadcast TLB invalidation for multi-threaded processes Rik van Riel
2025-01-13 13:09 ` Nadav Amit
2025-01-14 3:13 ` Rik van Riel
2025-01-12 15:53 ` [PATCH v4 10/12] x86,tlb: do targeted broadcast flushing from tlbbatch code Rik van Riel
2025-01-13 17:05 ` Jann Horn
2025-01-13 17:48 ` Jann Horn
2025-01-13 21:16 ` Rik van Riel
2025-01-12 15:53 ` [PATCH v4 11/12] x86/mm: enable AMD translation cache extensions Rik van Riel
2025-01-13 11:32 ` Andrew Cooper
2025-01-14 1:28 ` Rik van Riel
2025-01-12 15:53 ` [PATCH v4 12/12] x86/mm: only invalidate final translations with INVLPGB Rik van Riel
2025-01-13 17:11 ` Jann Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0e3f94d0-0d2f-b815-009d-e2e3da375727@amd.com \
--to=thomas.lendacky@amd.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=jannh@google.com \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=nadav.amit@gmail.com \
--cc=peterz@infradead.org \
--cc=riel@surriel.com \
--cc=x86@kernel.org \
--cc=zhengqi.arch@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox